CN1315275A - Storage rewriting system for vehicle controller - Google Patents

Publication number: CN1315275A
Authority: CN (China)
Prior art keywords: safety, data, rewriting, recordable memory, vehicle control
Legal status (as listed by Google Patents; an assumption, not a legal conclusion): Granted; Expired - Fee Related
Application number: CN01111611.0A
Other languages: Chinese (zh)
Other versions: CN1219671C (en)
Inventors: 屋敷哲也, 松浦正典, 水尾直彦
Current Assignee: Honda Motor Co Ltd
Original Assignee: Honda Motor Co Ltd
Application filed by: Honda Motor Co Ltd

Classifications

    • G: PHYSICS
    • G11: INFORMATION STORAGE
    • G11C: STATIC STORES
    • G11C16/00: Erasable programmable read-only memories
    • G11C16/02: Erasable programmable read-only memories, electrically programmable
    • G11C16/06: Auxiliary circuits, e.g. for writing into memory
    • G11C16/10: Programming or data input circuits
    • G11C16/102: External programming circuits, e.g. EPROM programmers; In-circuit programming or reprogramming; EPROM emulators

Abstract

A memory rewriting system for a vehicle controller is provided. The system comprises a vehicle controller and an external rewriting device. The vehicle controller comprises a rewritable memory 16 storing first security data. The first security data is used to determine whether rewriting of the rewritable memory is permitted. The rewriting device transfers new security data to the vehicle controller. The vehicle controller deletes the first security data and writes the new security data into the rewritable memory. Rewriting of the new security data is performed by a program stored in a non-rewritable memory.

Description

Memory rewriting system for a vehicle controller
The present invention relates to a memory rewriting system that rewrites data stored in a memory of a vehicle controller with other data transmitted from an external rewriting device.
A vehicle is subject to various types of control by an electronic control unit (hereinafter "ECU"). Such control includes engine-related control of the air-fuel ratio, fuel injection amount and emissions, and body-related control of the power windows, air bags and ABS. The ECU provides these types of control according to the current conditions and running state of the vehicle as sensed by various sensors mounted on the vehicle.
A vehicle may also include an anti-theft system. In general, the anti-theft system electronically checks whether the ignition key that the driver uses to start the engine is genuine. If the key is determined to be genuine, the anti-theft system sends the ECU a signal permitting operation of the vehicle. If the ignition key is determined not to be genuine, the driver is judged not to be an authorized person and cannot operate the vehicle. Thus, until it receives the permission signal, the ECU prevents the engine from starting, for example by stopping fuel injection.
The ECU comprises a central processing unit (CPU), a ROM (read-only memory) storing the programs to be executed and their data, a RAM (random access memory) providing a work area for execution and storing computation results, and an I/O interface for receiving signals from the sensors and sending control signals to the parts of the engine.
The ROM often includes a rewritable memory such as a flash memory, EEPROM or EPROM, so that the programs or data in it can be rewritten. Japanese Patent Application Publication No. 63-223901 describes a method in which an ECU mounted on a vehicle changes a program stored in its EEPROM in response to a request from an external device.
Such a capability to change programs or data stored in the ROM of the ECU makes it necessary to protect the programs or data from access by external devices, so that users or other third parties cannot rewrite the programs or data stored in the ROM without proper authorization. Japanese Patent Application Publication No. 3-238541 describes a vehicle controller that uses check data to determine whether a program or data in the ROM of the ECU has been tampered with. In this mechanism, check data based on the data stored in the ROM is stored in advance. After the vehicle is shipped, the ECU generates new check data from the data stored in the ROM. The ECU then compares the new check data with the previously stored check data and, if they differ, determines that the data has been tampered with and turns on a warning lamp.
The key used to release the security feature described above is known only to rewriting-device manufacturers under contract with the vehicle manufacturer. Thus only a rewriting device authorized by the vehicle manufacturer can use the "key" to change data stored in the ROM of the vehicle's ECU.
A typical procedure for changing a program in the ROM is described briefly. The key is generally represented by a function that is provided both in the rewriting device and in the ECU. The rewriting device is connected to the ECU and uses its own function (i.e. the key) to calculate a function value for an arbitrary number transmitted from the ECU. The rewriting device then sends this function value to the ECU. Meanwhile, the ECU uses its own function (i.e. the key) to calculate a function value for the same number. The ECU compares the function value received from the rewriting device with the function value it determined itself. If they are equal, the ECU releases the security feature, and the rewriting device is allowed to rewrite the data stored in the ROM. If they are not equal, the rewriting device is judged not to be genuine, because the rewriting device and the ECU have different functions (keys). The security feature is therefore not released, and the rewriting device cannot rewrite the data stored in the ROM.
However, the key used to release the security feature is conventionally stored in a non-rewritable area of the ROM in the ECU, so the key cannot be changed with a rewriting device after the vehicle is shipped. Thus, if the key accidentally leaks to a user or to another unauthorized third party, rewriting devices other than the authorized ones can rewrite the ROM using the key, which defeats the security feature.
On the other hand, if the vehicle includes an anti-theft system and the program that operates the anti-theft system is rewritten, the anti-theft system is disabled. A system for rewriting programs or data stored in the ROM therefore needs higher security than the anti-theft system.
One object of the present invention is to provide a memory rewriting system for a vehicle controller in which the key used to release the security feature, which protects the programs or data stored in the ROM of the ECU against tampering, can be changed even after the vehicle is shipped. Even if the key has leaked to an unauthorized third party, the manufacturer can use the rewriting device to change the key, so that the security feature is easily restored.
Another object of the present invention is to provide a memory rewriting system for a vehicle controller that can operate together with an anti-theft system.
According to one aspect of the present invention, a vehicle controller comprising a rewritable memory is provided. The rewritable memory stores first security data used to determine whether rewriting of the rewritable memory is permitted. The vehicle controller is configured, in response to receiving new security data from an external rewriting device, to delete the first security data and write the new security data into the rewritable memory. The rewritable memory can be implemented as a nonvolatile memory such as a flash memory, EPROM or EEPROM. Thus, even if the security data has leaked to a third party, the security feature can easily be restored by rewriting the security data stored in the rewritable memory, and the spread of illegal rewriting is prevented.
In one embodiment of the invention, the vehicle controller further comprises a non-rewritable memory that stores the program for deleting the first security data and writing the new security data. The program that rewrites the security data is thus protected against tampering.
In another embodiment of the invention, the rewritable memory and the non-rewritable memory are implemented in a single memory.
In another embodiment of the invention, an anti-theft system is connected to the vehicle controller. In this case, rewriting of the rewritable memory is permitted if the anti-theft system permits operation of the vehicle.
According to another aspect of the present invention, a rewriting device for rewriting a rewritable memory included in a vehicle controller is provided. The rewriting device comprises a memory for storing new security data and a communication device for transmitting the new security data. The transmitted new security data is written into the rewritable memory. The security data written into the rewritable memory is used to determine whether rewriting of the rewritable memory is permitted. The rewriting device provides a user interface that enables the user to create new security data. Furthermore, data blocks can be assembled from the new security data. Each data block comprises a program code field holding a partial program code of the new security data and an address field holding the leading address in the rewritable memory at which that partial program code is to be stored. The communication device transmits the data blocks by serial communication.
In one embodiment of the invention, the rewriting device further sends the vehicle controller a request to delete the first security data and write the transmitted new security data into the rewritable memory.
According to another aspect of the present invention, the rewriting device stores second security data. The vehicle controller compares the first security data stored in its rewritable memory with the second security data transmitted from the rewriting device. If the first security data and the second security data match, the vehicle controller permits the rewriting device to rewrite the rewritable memory.
In one embodiment of the invention, the first security data and the second security data have the same function. The rewriting device includes a program that calculates a first function value for a number according to the function of the first security data. The vehicle controller calculates a second function value for this number according to the function of the second security data. The vehicle controller compares the first function value with the second function value transmitted from the rewriting device. If the first function value equals the second function value, the vehicle controller permits the rewriting device to rewrite the rewritable memory.
Fig. 1 shows the external appearance of a memory rewriting system according to one embodiment of the invention;
Fig. 2 is a block diagram showing the whole memory rewriting system according to one embodiment of the invention;
Fig. 3 shows examples of the form of the ROM and CPU of the ECU in the memory rewriting system according to one embodiment of the invention;
Fig. 4 shows the operating procedure of the memory rewriting system according to one embodiment of the invention;
Fig. 5 shows a verification process carried out by the memory rewriting system according to one embodiment of the invention;
Fig. 6 is a flowchart showing the process for releasing security carried out by the rewriting device of the memory rewriting system according to one embodiment of the invention;
Fig. 7 is a flowchart showing the process for releasing security carried out by the ECU of the memory rewriting system according to one embodiment of the invention;
Fig. 8 is a flowchart showing the rewriting process carried out by the rewriting device of the memory rewriting system according to one embodiment of the invention; and
Fig. 9 is a flowchart showing the rewriting process carried out by the ECU of the memory rewriting system according to one embodiment of the invention.
The invention is described with reference to the drawings as applied to rewriting a security program stored in a nonvolatile memory of a vehicle controller. However, the invention is not limited to systems for rewriting a security program, but is applicable to various systems for rewriting data stored in a nonvolatile memory.
Fig. 1 shows the external appearance of a memory rewriting system according to one embodiment of the invention. The memory rewriting system comprises an electronic control unit (ECU) 10 mounted on a vehicle 1 and a rewriting device 11. Rewriting device 11 is authorized by the manufacturer of vehicle 1. ECU 10 includes a rewritable ROM (not shown). As shown in the figure, when rewriting device 11 is connected to ECU 10 and the appropriate operations are carried out on rewriting device 11, the security feature that prevents the programs or data stored in the ROM of ECU 10 from being rewritten without proper authorization is released. The rewriting device is then allowed to rewrite the programs or data stored in the ROM.
Rewriting is carried out by serial communication between ECU 10 and rewriting device 11. The user can send the data for rewriting to ECU 10 by operating the operation buttons on rewriting device 11 and/or interacting with the display screen provided on rewriting device 11. The rewriting device is not limited to the form shown in the figure, but may take another form having a protocol capable of communicating with ECU 10.
Fig. 2 is a functional block diagram showing the whole memory rewriting system according to one embodiment of the invention. As described above, the memory rewriting system comprises ECU 10 mounted on the vehicle and rewriting device 11. Rewriting device 11 is provided outside ECU 10 and is connected to it by serial communication. Alternatively, parallel communication can be used between rewriting device 11 and ECU 10.
ECU 10 comprises: a central processing unit 14 (hereinafter "CPU") comprising a microcomputer and associated circuit elements; ROMs 16 and 18, which are nonvolatile memories storing programs and data; a RAM 37 (random access memory), which provides a work area for execution and stores computation results; and an I/O interface 38 for receiving signals from sensors 39 and sending control signals to the parts of the engine. The signals from sensors 39 include the engine rotational speed (Ne), engine coolant temperature (Tw), intake air temperature (Ta), battery voltage (VB) and ignition switch (IGSW). According to the signals input through I/O interface 38, CPU 14 calls control programs and data from ROMs 16 and 18 to perform calculations, and outputs the results through I/O interface 38 to the parts of the vehicle in order to control the vehicle's various functions.
ECU 10 also comprises an interface 12. Interface 12 has a protocol for communicating with rewriting device 11, so that serial communication can be carried out between ECU 10 and rewriting device 11.
Rewritable ROM 16 is a memory from which stored data can be deleted and to which new data can be written. Rewritable ROM 16 can be, for example, a flash memory or an EEPROM. Non-rewritable ROM 18 can be implemented by designating part of the memory area of a rewritable ROM as an unchangeable area, or by using a mask ROM whose data is fixed during manufacture and from which data can afterwards neither be deleted nor written to. Alternatively, ROM 18 can be implemented with a PROM to which data can be written only once.
ROMs 16 and 18 can be implemented as two physically separate memories. Alternatively, the memory area of a single memory can be divided into two areas, one used as the rewritable area and the other as the non-rewritable area. In the latter case, for example, after a non-rewritable area storing programs and the like has been designated in an EEPROM, a rewritable area is designated in the unfilled space of the memory by a start address and an end address.
Examples of the form of ROMs 16 and 18 and the CPU are now described with reference to Fig. 3. In the figure, ROMs 16 and 18 are implemented with a flash memory. Fig. 3(a) shows a form in which the flash memory is provided separately from the CPU. When the rewrite operation mode is entered through communication with rewriting device 11, the CPU receives data from rewriting device 11 and calls a program for rewriting the flash memory with the received data.
Fig. 3(b), on the other hand, shows a form with a built-in flash memory combined with the CPU on a single chip. When the rewrite operation mode is entered in response to a signal from the rewriting device, the data transmitted from the rewriting device is automatically written to the flash memory by a function included in the CPU. The memory rewriting system according to the invention is applicable to either of these forms.
Referring again to Fig. 2, rewritable ROM 16 stores a security function f2. Security function f2 implements the security feature that prevents the data stored in ROM 16 from being rewritten illegally.
Non-rewritable ROM 18 stores the programs that implement a verification part 31, a random number generator 33 and a rewriting part 35. In response to a request from rewriting device 11 to release security, verification part 31 uses security function f2 and a random number R produced by random number generator 33 to determine whether rewriting device 11 is genuine. Using the random number R improves the security feature. If the rewriting device is determined to be genuine, verification part 31 releases the security feature.
Rewriting part 35 then deletes security function f2 and receives a new security function f3 from rewriting device 11 in order to write it to ROM 16. Security function f2 can be deleted physically or logically. Logical deletion can be implemented with a deletion flag. More specifically, a security function f2 whose deletion flag is set is regarded as deleted in subsequent processing.
Rewriting device 11 has a security function f1 and a new security function f3. Security function f1 works together with the security function f2 stored in ROM 16 of ECU 10 to implement the security feature. If security function f2 has not been changed by any third party, the security function f1 of rewriting device 11 is identical to the security function f2 of ECU 10. In another embodiment, security functions f1 and f2 have a certain relationship. If that relationship holds, it is determined that security function f2 has not been tampered with.
The new security function f3 is prepared before the security function f2 stored in ROM 16 is rewritten. The new security function f3 can be created by making some change to the current security function f1. In one example, the new security function f3 is a function with a different expression from security function f1. In another example, the new security function f3 is a function whose expression contains different constants from security function f1. For example, when functions f1 and f2 are f1 = f2 = A × R + B (A = 10 and B = 5), the new security function f3 is set to f3 = A + R × B (A = 10 and B = 5). Alternatively, the values of the constants A and B of functions f1 and f2 can be changed to 5 and 10 respectively.
Rewriting device 11 also comprises a security release request part 21, a rewrite request part 23 and a data block assembly part 25, which can be stored as programs in a memory of rewriting device 11. Security release request part 21 uses security function f1 to request ECU 10 to release the security feature.
Data block assembly part 25 assembles data blocks suitable for serial communication from the program code of security function f3. Each data block comprises an address field and a program code field. The program code field contains a partial program code, and the address field contains the leading address of the area in which that partial program code is to be stored. Data block assembly part 25 divides the program code of security function f3 into several pieces, each of a certain length (for example, 8). Each piece, or partial program code, is placed in the program code field of one data block. The leading address of each partial program code is placed in the address field of that data block. The data blocks are thus assembled.
After the security feature has been released, rewrite request part 23 serially transmits to ECU 10 the data blocks representing the new security function f3 that were assembled by data block assembly part 25.
An anti-theft system 81 is connected to ECU 10, so that the memory rewriting system can exchange information with anti-theft system 81. When the engine is to be started, anti-theft system 81 reads an electronic code from the ignition key inserted in the key hole and compares this code with a predetermined authorization code to check whether the inserted ignition key is genuine. If the ignition key is determined to be genuine, anti-theft system 81 sends ECU 10, through I/O interface 38, a signal indicating that engine start is permitted. On receiving this permission signal, ECU 10 sets an engine start permission flag, which can be stored in RAM 37 or ROM 16, and starts the engine. If the inserted ignition key is determined not to be genuine, the permission signal is not output, and ECU 10 cannot start the engine. Although anti-theft system 81 and ECU 10 are shown separately in Fig. 2, some functions of anti-theft system 81 can be included in ECU 10. For example, authorization of the ignition key can be performed by ECU 10.
The operation of the memory rewriting system shown in Fig. 2 is described with reference to Figs. 4 and 5. The rewrite operation begins, for example, when an operation button of rewriting device 11 is pressed after rewriting device 11 has been connected to ECU 10. Alternatively, the rewrite operation can be started by operating ECU 10.
In step 41, security release request part 21 of rewriting device 11 sends ECU 10 a signal requesting release of security. In response to this signal, ECU 10 starts a verification process to confirm that an authorized rewriting device is connected to it. The verification process is described below with reference to Fig. 5.
If the ECU verifies rewriting device 11 and permits it to rewrite rewritable ROM 16, the process advances to step 42. Rewrite request part 23 of rewriting device 11 sends ECU 10 a signal indicating the start of rewriting, and when it is ready for rewriting, rewriting part 35 of ECU 10 returns a start permission signal. In step 43, rewriting device 11 sends ECU 10 a request to transfer to a rewrite operation mode, and rewriting part 35 of ECU 10 then carries out the process of transferring to the rewrite operation mode. In step 44, rewrite request part 23 asks ECU 10 whether the transfer of operation mode has been completed. If the transfer has been completed, rewriting part 35 sends rewriting device 11 a signal indicating completion of the transfer.
In step 45, rewrite request part 23 requests deletion of the security function f2 stored in rewritable ROM 16, and in response rewriting part 35 deletes security function f2 from ROM 16.
At this point, the new security function f3 has been prepared in rewriting device 11. Function f3 is provided by data block assembly part 25 as serial data blocks for transmission to ECU 10. Security function f3 is generally created before rewriting device 11 sends ECU 10 the request to release security or the notification of the start of rewriting. However, this preparation of the new security function f3 can instead be carried out immediately before step 45.
The new security function f3 can be prepared, for example, by selecting one of several functions previously stored in rewriting device 11. Alternatively, the user can create the new security function f3 by operating rewriting device 11.
In step 46, rewrite request part 23 sends ECU 10 the first data block representing the new security function f3 together with a signal requesting rewriting of rewritable ROM 16. Rewriting part 35 receives the data block from rewriting device 11 and writes the partial program code contained in the data block to rewritable ROM 16. The partial program code is written at the address indicated by the address field of the data block. Once writing of the partial program code is complete, rewriting part 35 sends rewriting device 11 a notification that the write is complete. In response, rewriting device 11 sends the next data block to ECU 10. Step 46 is repeated until all of the program code of security function f3 has been written to ROM 16.
Once all of the program code has been written, rewrite request part 23 sends ECU 10 a request to release the rewrite operation mode (step 47). In response, rewriting part 35 releases the rewrite operation mode. Because rewriting device 11 has changed the security function stored in ROM 16 to f3, the function used by rewriting device 11 is also set to f3. From then on, the security feature is implemented with security function f3. After the new security function f3 has been written to ROM 16, the former security function f1 can be deleted.
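The block assembly by data block assembly part 25 and the acknowledged block-by-block write of step 46, as an added example that is not code from the patent. The byte unit for the slice length, the `len` field, the ROM bounds and all identifiers are assumptions made for this example; the range check uses the start and end addresses that the description says delimit the rewritable area.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CODE_LEN 8u    /* slice length; the text gives 8 as an example, bytes assumed */
#define ROM_SIZE 64u   /* constructed ROM size */
#define RW_START 16u   /* constructed start address of the rewritable area */
#define RW_END   48u   /* constructed end address (exclusive) */
#define MARKER   0xEEu /* fill byte so untouched cells are easy to recognise */

typedef struct {
    uint16_t addr;           /* address field: leading address of the slice */
    uint8_t  len;            /* bytes used in code[] (assumption: last slice may be short) */
    uint8_t  code[CODE_LEN]; /* program code field: one partial program code */
} block_t;

typedef enum { ACK_OK, NAK_NOT_PERMITTED, NAK_RANGE } ack_t;

typedef struct {
    uint8_t rom[ROM_SIZE];
    int rewrite_allowed; /* result of the verification process */
    int rewrite_mode;    /* set by the mode transfer of step 43 */
} ecu_rom_t;

/* Rewriting-device side: split the program code into addressed blocks. */
size_t assemble_blocks(const uint8_t *prog, size_t prog_len, uint16_t base,
                       block_t *out, size_t max_blocks)
{
    size_t n = 0;
    for (size_t off = 0; off < prog_len; off += CODE_LEN) {
        size_t chunk = prog_len - off < CODE_LEN ? prog_len - off : CODE_LEN;
        if (n == max_blocks)
            return 0;                      /* caller's buffer is too small */
        out[n].addr = (uint16_t)(base + off);
        out[n].len = (uint8_t)chunk;
        memset(out[n].code, 0xFF, CODE_LEN);
        memcpy(out[n].code, prog + off, chunk);
        n++;
    }
    return n;
}

/* ECU side: write one block only if rewriting is permitted and the whole
 * slice lies inside the rewritable area, so the non-rewritable area that
 * holds the rewriting program itself can never be a write target. */
ack_t ecu_write_block(ecu_rom_t *e, const block_t *b)
{
    if (!e->rewrite_allowed || !e->rewrite_mode)
        return NAK_NOT_PERMITTED;
    if (b->len == 0 || b->len > CODE_LEN)
        return NAK_RANGE;
    if (b->addr < RW_START || (uint32_t)b->addr + b->len > RW_END)
        return NAK_RANGE;
    memcpy(&e->rom[b->addr], b->code, b->len);
    return ACK_OK;
}

/* Step 46 loop: the next block is sent only after the previous one is acknowledged. */
size_t transfer(ecu_rom_t *e, const block_t *blocks, size_t n)
{
    size_t sent = 0;
    while (sent < n && ecu_write_block(e, &blocks[sent]) == ACK_OK)
        sent++;
    return sent;
}

/* Constructed 20-byte stand-in for the program code of f3. */
static const uint8_t F3_CODE[20] = {
    1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20
};
static ecu_rom_t demo;

/* Sends F3_CODE to `base`; returns how many blocks the ECU accepted. */
int send_f3(uint16_t base, int permitted)
{
    block_t blocks[4];
    memset(demo.rom, MARKER, sizeof demo.rom);
    demo.rewrite_allowed = permitted;
    demo.rewrite_mode = 1;
    size_t n = assemble_blocks(F3_CODE, sizeof F3_CODE, base, blocks, 4);
    return (int)transfer(&demo, blocks, n);
}

int f3_intact(uint16_t base)
{
    return memcmp(&demo.rom[base], F3_CODE, sizeof F3_CODE) == 0;
}

/* 1 if every cell outside the rewritable area still holds the marker. */
int guard_intact(void)
{
    for (size_t i = 0; i < ROM_SIZE; i++)
        if ((i < RW_START || i >= RW_END) && demo.rom[i] != MARKER)
            return 0;
    return 1;
}

int main(void)
{
    printf("in range:   %d blocks accepted\n", send_f3(16, 1));
    printf("overrun:    %d blocks accepted\n", send_f3(40, 1));
    printf("no release: %d blocks accepted\n", send_f3(16, 0));
    return 0;
}
```

A transfer that stops early leaves the new function only partly written, so the caller should treat any count below the number of assembled blocks as a failed rewrite.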
Fig. 5 shows an example of the verification process corresponding to step 41 of Fig. 4. In step 51, security release request part 21 of rewriting device 11 requests ECU 10 to transmit an arbitrary number R. In response, verification part 31 of ECU 10 is called. Verification part 31 calls random number generator 33, which produces random numbers. Verification part 31 selects the number R from the random numbers produced by random number generator 33 and sends the number R to rewriting device 11 (step 52). Alternatively, a different mechanism can be used to set the arbitrary number R. Rewriting device 11 uses the security function f1 stored in it to determine the function value K1 of function f1 for the number R according to K1 = f1(R) (step 53).
Meanwhile, verification part 31 of ECU 10 uses the security function f2 stored in rewritable ROM 16 to determine a function value K2 for the number R according to K2 = f2(R) (step 54). Security release request part 21 of rewriting device 11 sends the function value K1 to ECU 10 (step 55). Verification part 31 compares the function value K1 from rewriting device 11 with the internally determined function value K2 (step 56) and, if they are equal, determines that rewriting device 11 is genuine. Verification part 31 then checks whether the engine start permission flag stored in RAM 37 has the value one (step 57). If the permission flag is one, this means that the engine start permission signal has been output from anti-theft system 81, and a signal indicating that rewriting is permitted is sent to rewriting device 11 (step 58).
Thus the security feature must be released in order to rewrite the data stored in the rewritable ROM, and the current security functions f1 and f2 are used to release it. With an anti-theft system installed in the vehicle, the security feature of the memory rewriting system is released only when the anti-theft system has been released, which prevents an illegitimate driver from rewriting the data.
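The verification exchange of Fig. 5, with the anti-theft gate of step 57, as an added example that is not code from the patent. It uses the function form f(R) = A × R + B with the constants given in the description; the identifiers, the xorshift generator standing in for random number generator 33, and the rule that each number R is accepted only once are assumptions made for this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Security function of the form used in the description: f(R) = A*R + B. */
typedef struct { uint32_t a, b; } sec_func_t;

static const sec_func_t F_CURRENT = { 10, 5 }; /* f1 = f2, A = 10 and B = 5 */
static const sec_func_t F_OTHER   = { 5, 10 }; /* constants changed to 5 and 10 */

static uint32_t sec_eval(const sec_func_t *f, uint32_t r)
{
    return f->a * r + f->b; /* unsigned wrap-around is identical on both sides */
}

typedef struct {
    sec_func_t f2;             /* held in rewritable ROM 16 */
    bool engine_start_allowed; /* set on the permission signal of anti-theft system 81 */
    bool rewrite_allowed;      /* rewrite permission flag, steps 78 and 79 */
    bool number_pending;       /* assumption: an issued R is valid for one answer only */
    uint32_t r;
    uint32_t rng;
} ecu_t;

/* Stand-in for random number generator 33 (xorshift32, illustration only). */
static uint32_t ecu_random(ecu_t *e)
{
    uint32_t x = e->rng;
    x ^= x << 13;
    x ^= x >> 17;
    x ^= x << 5;
    return e->rng = x;
}

/* Steps 51-52: ECU picks the number R and hands it to the rewriting device. */
uint32_t ecu_issue_number(ecu_t *e)
{
    e->r = ecu_random(e);
    e->number_pending = true;
    e->rewrite_allowed = false;
    return e->r;
}

/* Steps 54-58: compute K2, compare with K1, then check the anti-theft flag. */
bool ecu_verify(ecu_t *e, uint32_t k1)
{
    bool ok = false;
    if (e->number_pending) {
        uint32_t k2 = sec_eval(&e->f2, e->r);
        ok = (k1 == k2) && e->engine_start_allowed;
    }
    e->number_pending = false; /* a repeated K1 without a new R is refused */
    e->rewrite_allowed = ok;
    return ok;
}

static ecu_t make_ecu(bool immobilizer_ok)
{
    ecu_t e = { .f2 = { 10, 5 }, .engine_start_allowed = immobilizer_ok, .rng = 1 };
    return e;
}

/* One full exchange with a rewriting device that holds function f1. */
int run_exchange(sec_func_t f1, bool immobilizer_ok)
{
    ecu_t e = make_ecu(immobilizer_ok);
    uint32_t r = ecu_issue_number(&e); /* steps 51-52 */
    uint32_t k1 = sec_eval(&f1, r);    /* step 53 */
    return ecu_verify(&e, k1) ? 1 : 0; /* steps 54-58 */
}

/* Sends a valid K1 twice; returns 1 when only the first attempt is accepted. */
int replay_rejected(void)
{
    ecu_t e = make_ecu(true);
    uint32_t k1 = sec_eval(&e.f2, ecu_issue_number(&e));
    bool first = ecu_verify(&e, k1);
    bool second = ecu_verify(&e, k1);
    return (first && !second && !e.rewrite_allowed) ? 1 : 0;
}

int main(void)
{
    printf("matching function, key accepted: %d\n", run_exchange(F_CURRENT, true));
    printf("matching function, key refused:  %d\n", run_exchange(F_CURRENT, false));
    printf("different function:              %d\n", run_exchange(F_OTHER, true));
    printf("replayed K1 rejected:            %d\n", replay_rejected());
    return 0;
}
```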
Fig. 6 is a flowchart showing the process for releasing security carried out by rewriting device 11. In step 61, rewriting device 11 requests a number R from ECU 10. Rewriting device 11 then receives the number R from ECU 10 (step 62). On receiving the number R, rewriting device 11 uses the security function f1 held in it to calculate the function value K1 for the number R (step 63). Rewriting device 11 then sends the function value K1 to ECU 10 (step 64).
Fig. 7 is a flowchart showing the process for releasing security carried out by ECU 10. ECU 10 receives the request for a number R from rewriting device 11. On receiving this request, ECU 10 sets the number R from the random numbers (step 72) and sends it to rewriting device 11 (step 73). The ECU then uses the security function f2 held in it to calculate the function value K2 for the number R (step 74).
ECU 10 receives the function value K1 from rewriting device 11 (step 75) and compares the value K1 with the value K2 (step 74). If they are equal, ECU 10 checks whether the engine start permission flag is one (step 77). If the flag is one, the process advances to step 78 and sets a rewrite permission flag to one, indicating that rewriting device 11 is permitted to rewrite. If the values are not equal in step 76, or if the engine start permission flag is not set in step 77, the rewrite permission flag is set to zero (step 79) to indicate that the rewriting device is not permitted to rewrite.
Fig. 8 is a diagram of circuit, the process that is used for rewriteeing that expression rewriting device 11 is carried out.In step 81, rewriting device 11 transmits the request that is used for being rewritten to ECU 10.This request is actual can be comprised and is illustrated in notice that being used among Fig. 4 rewrite beginning, is used for request of transferring to the rewrite operation pattern etc.When the rewriting that the request reception that is used for rewriteeing in response is provided by ECU 10 allows (step 82), rewriting device 11 is set up new security function f 3Block data (step 83).Use above-mentioned rewriting device 11 can set up new security function f arbitrarily 3 Rewriting device 11 is then the new security function f of expression 3Block data be sent to ECU 10 (step 84).
Fig. 9 is a diagram of circuit, the process that is used for rewriteeing that expression is carried out by ECU 10.When rewriting device 11 receives the request that is used for rewriteeing (step 91), ECU 10 checks to allow sign whether to be set to one (step 92) rewriteeing.If sign is set to one, this means proves that rewriting device 11 is genuine, and ECU waits for the new security function f that transmits from rewriting device 11 so 3In fact, between step 92 and 93, can carry out all processes, as shown in Figure 4 to the transfer of rewrite operation pattern or from rewriteeing ROM deletion current safety function f 2
After, receiving new security function f 3The time when (step 93), ECU is this function f 3Write and to rewrite ROM 16.Thereby, by means of new security function f 3Rewrite and be stored in the security function f that can rewrite among the ROM 16 2
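The exchange of Figs. 6 to 9 can be followed end to end in a small C model, given here as an added example that is not code from the patent. The mixing function `sec_fn`, the 32-bit parameter that stands in for the security function, the single-use handling of R and all sample values are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

typedef struct {
    uint32_t sec_param;    /* security data in rewritable ROM 16 (stands in for f2) */
    uint32_t r;            /* number R issued for the current attempt */
    int r_pending;         /* R is good for one comparison only (added hardening) */
    int engine_start_ok;   /* engine start permission flag */
    int rewrite_ok;        /* rewrite permission flag */
} ecu_t;

/* Placeholder security function (assumption; the page does not define f).
 * XOR, rotate and multiply-by-odd are bijections, so for a fixed R two
 * different parameters never give the same function value. */
static uint32_t sec_fn(uint32_t param, uint32_t r) {
    uint32_t x = r ^ param;
    x = (x << 7) | (x >> 25);
    return x * 2654435761u;
}

/* ECU, steps 72-73: set R from a random number and hand it out. */
uint32_t ecu_issue_number(ecu_t *e) {
    e->r = (uint32_t)rand();   /* demo only; a real ECU needs an unpredictable source */
    e->r_pending = 1;
    e->rewrite_ok = 0;         /* a new attempt cancels any earlier permission */
    return e->r;
}

/* Rewriting device, step 63: K1 = f1(R). */
uint32_t tool_compute_k1(uint32_t tool_param, uint32_t r) {
    return sec_fn(tool_param, r);
}

/* ECU, steps 74-79: compute K2, compare with K1, check the engine start flag. */
int ecu_check_k1(ecu_t *e, uint32_t k1) {
    uint32_t k2 = sec_fn(e->sec_param, e->r);
    int ok = e->r_pending && k1 == k2 && e->engine_start_ok == 1;
    e->r_pending = 0;          /* the same R cannot be answered twice */
    e->rewrite_ok = ok ? 1 : 0;
    return e->rewrite_ok;
}

/* ECU, steps 92-93: accept new security data only while the flag is one. */
int ecu_rewrite_security(ecu_t *e, uint32_t new_param) {
    if (e->rewrite_ok != 1) return 0;
    e->sec_param = new_param;  /* f2 is replaced by f3 */
    e->rewrite_ok = 0;         /* permission is consumed by the rewrite */
    return 1;
}

/* One complete security release attempt by a tool holding tool_param. */
int attempt(ecu_t *e, uint32_t tool_param) {
    uint32_t r = ecu_issue_number(e);
    return ecu_check_k1(e, tool_compute_k1(tool_param, r));
}

int main(void) {
    ecu_t e = { 0x1234ABCDu, 0, 0, 1, 0 };   /* constructed sample values */
    int released = attempt(&e, 0x1234ABCDu);
    int rewritten = ecu_rewrite_security(&e, 0xCAFEF00Du);
    int old_tool = attempt(&e, 0x1234ABCDu);
    printf("released=%d rewritten=%d old tool after rewrite=%d\n", released, rewritten, old_tool);
    return 0;
}
```

After the rewrite, a tool that still holds the old security data fails the comparison, which is the property the rewritable security function is meant to provide.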

Claims (22)

1. A vehicle control device comprising a recordable memory for storing first security data used to determine whether rewriting of the recordable memory is allowed;
wherein the vehicle control device is configured to, in response to receiving new security data from an external rewriting device, delete the first security data and write the new security data into the recordable memory.
2. The vehicle control device according to claim 1, wherein a program for deleting the first security data and writing the new security data is stored in a nonvolatile memory.
3. The vehicle control device according to claim 1, wherein an anti-theft system is connected to the vehicle control device; and
wherein rewriting of the recordable memory is allowed if the anti-theft system permits operation of the vehicle.
4. The vehicle control device according to claim 1, wherein the recordable memory is implemented as any of a flash memory, an EPROM and an EEPROM.
5. The vehicle control device according to claim 2, wherein the recordable memory and the non-recordable memory are implemented as a single memory.
6. A rewriting device for rewriting a recordable memory included in a vehicle control device, comprising:
a storage device for storing new security data; and
a communication device for transmitting the new security data so that the new security data is written into the recordable memory;
wherein the security data written into the recordable memory is used to determine whether rewriting of the recordable memory is allowed.
7. The rewriting device according to claim 6, wherein the recordable memory stores first security data used to determine whether rewriting of the recordable memory is allowed; and
the rewriting device requests the vehicle control device to delete the first security data and write the transmitted new security data into the recordable memory.
8. The rewriting device according to claim 6, further comprising a user interface that enables a user to create new security data.
9. The rewriting device according to claim 6, wherein a controller is further configured to assemble a serial data block from the new security data; and
wherein the communication device transmits the serial data block by serial communication.
10. A storage rewriting system for a vehicle control device, comprising:
a recordable memory installed in the vehicle control device, the recordable memory storing first security data used to determine whether rewriting of the recordable memory is allowed; and
a rewriting device for sending new security data to the vehicle control device;
wherein the vehicle control device is configured to delete the first security data and write the new security data into the recordable memory.
11. The storage rewriting system according to claim 10, wherein a program for deleting the first security data and writing the new security data is stored in a non-recordable memory.
12. The storage rewriting system according to claim 10, wherein the new security data is created arbitrarily using the rewriting device.
13. The storage rewriting system according to claim 10, wherein an anti-theft system is connected to the vehicle control device; and
wherein rewriting of the recordable memory is allowed if the anti-theft system permits operation of the vehicle.
14. The storage rewriting system according to claim 10,
wherein the rewriting device stores second security data; and
the vehicle control device is configured to compare the first security data with the second security data transmitted from the rewriting device, and to allow rewriting of the recordable memory if the first security data and the second security data match.
15. The storage rewriting system according to claim 10, wherein the first security data and the second security data have the same function;
the rewriting device comprises a program for calculating a first function value for a number according to the function of the first security data; and
the vehicle control device is configured to calculate a second function value for the number according to the function of the second security data, to compare the first function value with the second function value transmitted from the rewriting device, and to allow the rewriting device to rewrite the recordable memory if the first function value equals the second function value.
16. The storage rewriting system according to claim 15, wherein the number is generated from a random number in the vehicle control device, and the number is sent from the vehicle control device to the rewriting device.
17. The storage rewriting system according to claim 10, wherein the new security data is transmitted by serial communication.
18. A method for rewriting information stored in a recordable memory in a vehicle control device, the method comprising:
receiving new security data sent to the vehicle control device from an external rewriting device;
deleting first security data stored in the recordable memory, the first security data being used to determine whether rewriting of the recordable memory is allowed; and
writing the new security data into the recordable memory.
19. The method according to claim 18, wherein the first security data is deleted and the new security data is written by a program stored in a recordable memory installed in the vehicle control device.
20. The method according to claim 18, wherein an anti-theft system is connected to the vehicle control device; and
wherein rewriting of the recordable memory is allowed if the anti-theft system permits operation of the vehicle.
21. The method according to claim 18,
wherein the rewriting device stores second security data; and determining whether rewriting of the recordable memory is allowed comprises:
comparing the first security data with the second security data transmitted from the rewriting device; and
allowing rewriting of the recordable memory if the first security data and the second security data match.
22. The method according to claim 21, wherein the first security data and the second security data have the same function;
wherein determining whether rewriting of the recordable memory is allowed comprises:
calculating a first function value for a number according to the function of the first security data in the vehicle control device;
calculating a second function value for the number according to the function of the second security data in the rewriting device;
comparing the first function value with the second function value; and
allowing the rewriting device to rewrite the recordable memory if the first function value equals the second function value.
CN01111611.0A 2000-03-16 2001-03-16 Storage rewriting system for vehicle controller Expired - Fee Related CN1219671C (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP074236/2000 2000-03-16
JP2000074236A JP3954271B2 (en) 2000-03-16 2000-03-16 Memory rewriting system for vehicle control device

Publications (2)

Publication Number Publication Date
CN1315275A true CN1315275A (en) 2001-10-03
CN1219671C CN1219671C (en) 2005-09-21

Family

ID=18592323

Family Applications (1)

Application Number Title Priority Date Filing Date
CN01111611.0A Expired - Fee Related CN1219671C (en) 2000-03-16 2001-03-16 Storage rewriting system for vehicle controller

Country Status (7)

Country Link
US (1) US7132923B2 (en)
EP (1) EP1134748B1 (en)
JP (2) JP3954271B2 (en)
CN (1) CN1219671C (en)
BR (1) BR0101193A (en)
CA (1) CA2339536C (en)
DE (1) DE60108676T2 (en)

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7885744B2 (en) 2003-09-26 2011-02-08 Mitsubishi Heavy Industries, Ltd. Controllers for heavy duty industrial vehicle
CN103052539A (en) * 2010-08-03 2013-04-17 本田技研工业株式会社 Vehicle program rewriting system
CN103403771A (en) * 2011-02-25 2013-11-20 丰田自动车株式会社 Data rewriting support system and data rewriting support method for vehicle control apparatus
CN103631192A (en) * 2013-11-29 2014-03-12 上汽通用五菱汽车股份有限公司 Temporary authorization type automobile ECU (electronic control unit) safety authentication method and system
CN103885437A (en) * 2014-03-12 2014-06-25 潍柴动力股份有限公司 Data security protection method and device and electronic control unit
CN108202695A (en) * 2016-12-16 2018-06-26 比亚迪股份有限公司 Anti-stealing method for vehicles, device and vehicle
CN110501935A (en) * 2018-05-17 2019-11-26 隆巴第尼有限责任公司 For software object to be written to the method and apparatus of the electronic control unit of internal combustion engine
CN110738750A (en) * 2018-07-19 2020-01-31 松下知识产权经营株式会社 Vehicle-mounted detection system and control method thereof
CN114212051A (en) * 2021-12-14 2022-03-22 深圳市元征软件开发有限公司 Vehicle control method, device, electronic device and storage medium

Families Citing this family (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP3609782B2 (en) * 2002-01-21 2005-01-12 株式会社東芝 Copy protected signal playback device
JP4270031B2 (en) * 2004-06-09 2009-05-27 株式会社デンソー In-vehicle information registration / disclosure system, in-vehicle device and portable device
JP2006117086A (en) * 2004-10-21 2006-05-11 Matsushita Electric Ind Co Ltd Antitheft device for vehicle
JP4534731B2 (en) * 2004-11-19 2010-09-01 株式会社デンソー Electronic control device and identification code generation method thereof
JP2007092621A (en) * 2005-09-28 2007-04-12 Aisin Seiki Co Ltd Electronic control unit
JP4960034B2 (en) * 2006-07-27 2012-06-27 株式会社東芝 Information storage medium and information storage medium processing apparatus
JP4325691B2 (en) 2007-03-22 2009-09-02 株式会社デンソー Memory readout system for vehicle control apparatus
FR2923627B1 (en) * 2007-11-08 2013-08-30 Siemens Vdo Automotive METHOD FOR UNLOCKING A MOTOR CONTROL COMPUTER
JP5216024B2 (en) * 2008-01-16 2013-06-19 株式会社アイ・オー・データ機器 USB portable device
US20130111212A1 (en) * 2011-10-28 2013-05-02 GM Global Technology Operations LLC Methods to provide digital signature to secure flash programming function
JP5783013B2 (en) * 2011-11-28 2015-09-24 株式会社デンソー In-vehicle communication system
US20130204513A1 (en) * 2012-02-08 2013-08-08 Bendix Commercial Vehicle Systems Llc Protect information stored in ecu from unintentional writing and overwriting
US20140058532A1 (en) * 2012-08-23 2014-02-27 GM Global Technology Operations LLC Method for partial flashing of ecus
JP6060592B2 (en) * 2012-09-27 2017-01-18 三菱自動車工業株式会社 Remote control system for in-vehicle devices
US9158926B2 (en) 2014-01-13 2015-10-13 General Electric Company Engine control unit configuration security
JP6387908B2 (en) * 2015-06-22 2018-09-12 トヨタ自動車株式会社 Authentication system
US10906506B2 (en) * 2017-12-28 2021-02-02 Micron Technology, Inc. Security of user data stored in shared vehicles

Family Cites Families (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2753225B2 (en) 1987-03-13 1998-05-18 株式会社日立製作所 In-vehicle control device
JP2830302B2 (en) 1990-02-15 1998-12-02 株式会社デンソー Automotive control device
US5677680A (en) * 1992-05-07 1997-10-14 Alps Electric Co., Ltd. Transmitting and receiving-apparatus for vehicle, having mode setting means
JPH05311935A (en) 1992-05-07 1993-11-22 Alps Electric Co Ltd Mode setting method for mobile transceiver
JP3005175B2 (en) * 1994-09-28 2000-01-31 本田技研工業株式会社 Vehicle anti-theft device
US5886421A (en) * 1994-11-11 1999-03-23 Kabushiki Kaisha Tokai-Rika-Denki Seisakusho Vehicle start-up permission device and identification code registering method
JP3109413B2 (en) 1995-07-31 2000-11-13 株式会社デンソー Machine control device
JPH0958414A (en) 1995-08-23 1997-03-04 Toyota Motor Corp Vehicle anti-theft device
JP3491419B2 (en) * 1995-12-04 2004-01-26 株式会社デンソー Electronic control unit
US5787367A (en) * 1996-07-03 1998-07-28 Chrysler Corporation Flash reprogramming security for vehicle computer
US6160488A (en) * 1996-10-14 2000-12-12 Denso Corporation Anti-theft device using code type transponder
JP3405095B2 (en) * 1996-10-22 2003-05-12 日産自動車株式会社 Vehicle antitheft device
US5937065A (en) 1997-04-07 1999-08-10 Eaton Corporation Keyless motor vehicle entry and ignition system
JP3531410B2 (en) * 1997-04-08 2004-05-31 日産自動車株式会社 Keyless entry device
JP3427694B2 (en) * 1997-09-19 2003-07-22 日産自動車株式会社 Vehicle security device
JP2000335371A (en) * 1999-05-26 2000-12-05 Denso Corp Electronic control device and recording medium

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7885744B2 (en) 2003-09-26 2011-02-08 Mitsubishi Heavy Industries, Ltd. Controllers for heavy duty industrial vehicle
CN103052539B (en) * 2010-08-03 2015-12-16 本田技研工业株式会社 Automobile-used program rewriting system
CN103052539A (en) * 2010-08-03 2013-04-17 本田技研工业株式会社 Vehicle program rewriting system
US9126542B2 (en) 2010-08-03 2015-09-08 Honda Motor Co., Ltd. Vehicle program rewriting system
CN103403771A (en) * 2011-02-25 2013-11-20 丰田自动车株式会社 Data rewriting support system and data rewriting support method for vehicle control apparatus
CN103403771B (en) * 2011-02-25 2016-03-16 丰田自动车株式会社 For rewriting data back-up system and the rewriting data support method of vehicle control apparatus
CN103631192A (en) * 2013-11-29 2014-03-12 上汽通用五菱汽车股份有限公司 Temporary authorization type automobile ECU (electronic control unit) safety authentication method and system
CN103631192B (en) * 2013-11-29 2017-12-05 上汽通用五菱汽车股份有限公司 The automobile ECU safety certifying method and system of temporary Authorization type
CN103885437A (en) * 2014-03-12 2014-06-25 潍柴动力股份有限公司 Data security protection method and device and electronic control unit
CN108202695A (en) * 2016-12-16 2018-06-26 比亚迪股份有限公司 Anti-stealing method for vehicles, device and vehicle
CN110501935A (en) * 2018-05-17 2019-11-26 隆巴第尼有限责任公司 For software object to be written to the method and apparatus of the electronic control unit of internal combustion engine
CN110501935B (en) * 2018-05-17 2024-03-12 隆巴第尼有限责任公司 Method and device for writing software objects into an electronic control unit of an internal combustion engine
CN110738750A (en) * 2018-07-19 2020-01-31 松下知识产权经营株式会社 Vehicle-mounted detection system and control method thereof
CN114212051A (en) * 2021-12-14 2022-03-22 深圳市元征软件开发有限公司 Vehicle control method, device, electronic device and storage medium

Also Published As

Publication number Publication date
JP2001265582A (en) 2001-09-28
US20010023485A1 (en) 2001-09-20
US7132923B2 (en) 2006-11-07
EP1134748B1 (en) 2005-02-02
DE60108676D1 (en) 2005-03-10
CA2339536A1 (en) 2001-09-16
CA2339536C (en) 2011-09-20
EP1134748A3 (en) 2002-10-23
JP4340297B2 (en) 2009-10-07
EP1134748A2 (en) 2001-09-19
DE60108676T2 (en) 2006-01-19
CN1219671C (en) 2005-09-21
JP3954271B2 (en) 2007-08-08
BR0101193A (en) 2001-10-30
JP2007188522A (en) 2007-07-26

Similar Documents

Publication Publication Date Title
CN1219671C (en) Storage rewriting system for vehicle controller
US5787367A (en) Flash reprogramming security for vehicle computer
US6401207B1 (en) Security device for vehicle
US6480928B2 (en) Memory rewriting system for vehicle controller
US5606315A (en) Security method for protecting electronically stored data
EP0835790A2 (en) Anti-theft device using code type transponder
CN1723142A (en) Vehicle security apparatus and id code management device
US20080278282A1 (en) Motor Vehicle Control Device Data Transfer System And Process
US20080101613A1 (en) Autonomous Field Reprogramming
CN101042780A (en) A vehicle immobiliser apparatus
US20050086539A1 (en) Chipped engine control unit system having copy protected and selectable multiple control programs
US6144112A (en) Fuel pump immobilization
CN101042779A (en) Vehicle security apparatus and system
US20020053027A1 (en) Method for preventing theft of vehicles by performing ignition key authorization
US7333005B2 (en) System and method for data communication with a control device having an adapter for reflashing control device software
US20080157920A1 (en) Calibratable uds security concept for heavy-duty diesel engine
US9865108B2 (en) Vehicle security system
CN112714147A (en) Improving vehicle communication security
EP1785339B1 (en) System for controlling the tilting function of a cab of a motor vehicle preventing unauthorized cab-tilt operations, a motor vehicle comprising such system, a corresponding method of controlling a cab tilting function and a computer program and a computer readable medium therefore
US7068144B2 (en) Method and system for re-learning a key
EP3570193B1 (en) Method and device for writing software objects into an electronic control unit of an internal combustion engine
CN104158621B (en) Secure transmission of a data sequence to be transmitted
EP0993999A2 (en) Fuel pump immobilization
JPH1013404A (en) Transmission information generation method, information transmission/reception system and portable transmitter-receiver
CN1629018A (en) Vehicle anti-theft system and method

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20050921

Termination date: 20190316
